Please follow the steps listed below:
Recently I have done the enforce recovery by uininstalling and recovering back to original one.
1. Backup your config folder located at Symantec DLP\protect.
2. Backup your plugins folder located at Symantec DLP\protect
3. Backup the .keystore file located at Symantec DLP\protect\tomcat\conf
4. Backup the keystore folder located at Symantec DLP\protect
5. Create EnforceReinstallationResources.zip containg config and keystore folder. (Note this is manual process of creating EnforceReinstallationResources.zip, if you want to get it automatically then at the time you uninstall the enforce it will ask you to save the previous configuration the same file will be created in SymantecDLP Folder, you can use that file to resinstall the enforce server.
6. Resinstall the Enforce Server using ProtectInstaller64_15.0.exe and make sure you uncheck the Initialize Enforce Data check box if you want to perform a recovery operation.
7. It will ask EnforceReinstallationResources.zip browse the location where you stored it and click next.
8. If you get an error like this : Failed to encrypt the password file. Installation will abort, then click OK to abort.
9. Even if installation is aborted, it will create the Symantec DLP Folder at the installed location.
10. Maunally copy the CryptoMasterKey.properties and Encryption key(not sure abou the exact name but the file type will be key file) located under config folder which you already had the backup to SymantecDLP\protect\config
11. Again reinstall the eforce server and this time you will not get any error.
12. After reinstalltion, stop the vontu services, replace plugin folder and .keystore file which you have taken the backup earlier.
13. Start the Vontu services, Now go to Keystore folder. check if certificate_authority_v1.jks is same as the file located in the backup of keystore folder.
14. if not replace the file with original file and update it on oracle by going to DB and connecting it to sql plus using protect folder and executing this command:
update certificate set CERTIFICATEFILENAME=’certificate_authority_v1.jks’ where CERTIFICATEID=1;
15. check if Agents are reporting or not.
Regards
Satyajeet Anand.